[feature req] Kubernetes bearer token authentication

[lorf]

Please add the ability to authenticate to the cluster using bearer token auth. This will allow to simply create a ServiceAccount with required permissions using manifests and use it's token to authenticate KubeGraf to the cluster. For now it's required to create a user or sign a certificate which requires root access to the master nodes.

[SergeiSporyshev]

Hi! Thank you for your issue.
We are working on it right now

[Kurmaev]

@SergeiSporyshev Hi, i guess there is more easier way to achieve that w/o routes:

You can pass jsonData.httpHeaderName1 = "Authorization", secureJsonData.httpHeaderValue1 = 'Bearer bearer-token' to the datasource. Then grafana would append that by theirselve without additional pain / refactoring :)

[Kurmaev]

@SergeiSporyshev For me, working conf looks like following:
curl '<grafana-endpoint>/api/datasources/6' -X PUT -H 'Cookie grafana-cookie' --data-binary '{"id":6,"orgId":1,"name":"Staging","type":"devopsprodidy-kubegraf-datasource","typeLogoUrl":"","access":"proxy","url":"<k8s-endpoint>","password":"","user":"","database":"","basicAuth":false,"basicAuthUser":"","basicAuthPassword":"","withCredentials":false,"isDefault":false,"jsonData":{"keepCookies":[],"prom_name":"Prometheus","refresh_pods_rate":"60","tlsSkipVerify":true, "httpHeaderName1": "Authorization"},"secureJsonData":{"httpHeaderValue1": "Bearer bearer-token-from-service-account-with-needed-perms"},"version":<your-version-id>,"readOnly":false}' --compressed

[SergeiSporyshev]

https://github.com/devopsprodigy/kubegraf/releases/tag/v1.1.0